HSM Infrastructure Engineer

Start date: January 12, 2026
End date: June 30, 2026
Location: Brussels

Job description:

The IOS domain has purchased 5 nShield General Purpose hardware security modules from Entrust. To use these HSMs in a broader PKI context, we are looking for an Entrust nShield Certified specialist for the following tasks:

Automate the Security World creation and associated Administrator and Operator Card Sets according to industry standards across 3 environments in 2 data centers.
Document and develop a demo for PKCS 11 integration to boost reuse with software such as Axway API Gateway, AppViewX, Forgerock AM, and HashiCorp Vault.
Requirements for automation:
Create an Active-Passive RFS "cluster".
Reset existing Security World and create a new FIPS 140-2 Level 3 compliant Security World.
Setting up AES as a preferred cipher suite and optimal use of ECC.
Configuring 3/6 quorum for operations and active-backup network connection.
Set up 3 NTP servers, audit registration, remote management, remote reboot, and auto-push config.
Join existing Security World if a cluster is present.
Create 3 2/5 quorum persistent OCS with a 300 second timeout and passphrase replacement / PIN recovery.
Enforce passphrase complexity for ACS and OCS.
All steps must be logged for proof of correct execution. Ideally, the automation steps are reusable for automated initialization of an HSM after a firmware upgrade.

Requirements:

Minimum 5 years of experience with Entrust products.
Experience with Linux RHEL8 and above.
Active knowledge of Dutch and / or French is a plus.
Desired skills:
Axway Amplify API Gateway
Forgerock
Hashicorp Vault
Linux Red Hat 7 - 9
We are looking for an expert with in-depth knowledge and experience in the above technologies and processes.